diff options
Diffstat (limited to 'files/zh-cn/nss/key_log_format')
-rw-r--r-- | files/zh-cn/nss/key_log_format/index.html | 20 |
1 files changed, 0 insertions, 20 deletions
diff --git a/files/zh-cn/nss/key_log_format/index.html b/files/zh-cn/nss/key_log_format/index.html deleted file mode 100644 index a997036b31..0000000000 --- a/files/zh-cn/nss/key_log_format/index.html +++ /dev/null @@ -1,20 +0,0 @@ ---- -title: NSS Key Log Format -slug: NSS/Key_Log_Format -tags: - - NSS Key Log Format -translation_of: Mozilla/Projects/NSS/Key_Log_Format ---- -<div class="note"> -<p>Starting with <a href="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.24_release_notes">NSS 3.24</a> (around Firefox 48), the <code>SSLKEYLOGFILE</code> approach is disabled by default. Distributors can re-enable it at compile time though which is done for the official Firefox binaries. (See <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1188657">bug 1188657</a>.) it should work again on Firefox >= 50</p> -</div> - -<p>Key logs can be written by NSS so that external programs can decrypt TLS connections. Wireshark 1.6.0 and above can use these log files to decrypt packets. You can tell Wireshark where to find the key file via <em>Edit→Preferences→Protocols→SSL→(Pre)-Master-Secret log filename</em>.</p> - -<p>Key logging is enabled by setting the environment variable <code>SSLKEYLOGFILE <</code>FILE> to point to a file. This file is a series of lines. Comment lines begin with a sharp character ('#'). Otherwise the line takes one of these formats.</p> - -<p><code>RSA</code> <space> <16 bytes of hex encoded encrypted pre master secret> <space> <96 bytes of hex encoded pre master secret></p> - -<p><code>CLIENT_RANDOM</code> <space> <64 bytes of hex encoded <code>client_random</code>> <space> <96 bytes of hex encoded master secret></p> - -<p>The <code>RSA</code> form allows ciphersuites using RSA key-agreement to be logged and is supported in shipping versions of Wireshark. The <code>CLIENT_RANDOM</code> format allows other key-agreement algorithms to be logged but is only supported starting with Wireshark 1.8.0. For Wireshark usage, see <a href="https://wiki.wireshark.org/SSL">SSL - Wireshark Wiki</a>.</p> |